HP Secure Key Manager User Manual

Page 49

Advertising
background image

NOTE:

To generate a valid certificate, you must have a certificate authority sign a certificate request. You can

create local CAs on the SKM, and use those CAs to sign certificate requests. Otherwise, you must use an

external CA to sign certificate requests. The following steps assume that you have already created a

local CA.

To create a server certificate for the SKM:

1.

Log in to the Management Console as an administrator with Certificates access control.

2.

Navigate to the Create Certificate Request section of the Certificate and CA Configuration page

(Security > Certificates).

3.

Enter the Certificate Name, Common Name, Organization Name, Organizational Unit Name,

Locality Name, State or Province Name, Country Name, Email Address, and Key Size for the

certificate.

4.

Click Create Certificate Request. The new request appears in the Certificate List with a status

of Request Pending.

NOTE:

If you are creating a certificate for a client application, you must generate the certificate

request on the client application. If you are using a Java application, you can use the

keytool application to create and manage the certificate.

5.

Select the certificate request and click Properties to access the Certificate Request Information section.

6.

Copy the certificate request text. The certificate text looks similar, but not identical, to the following

text.
-----BEGIN CERTIFICATE REQUEST-----

MIIBmzCCAQQCAQAwWzEPMA0GA1UEAxMGZmxldGNoMQkwBwYDVQQKEwA

VBAsTADEJMAcGA1UEBxMAMQkwBwYDVQQIEwAxCzAJBgNVBAYTAlVTMQ

ZIhvcNAQkBFgAwgZ8wDQYJKoZIhvcAYBABTUxxgY0AMIGJAoGBAMUqA

sCcUqnt5Yug+qTSbgEFnvnYWUApHKDlx5keC1lguQDU1ol2Xcc3YGrU

JIMK2giQ5b+ABQDemRiD11vInQqkhV6ngWBRD0lpKCjU6QXDEE9KGCK

0rr2LErqxUuYwOu50Tfn4T3tKb1HGgfdzAgMBAAGgADANBgkqhkiG9w

OBgQCuYnv8vBzXEZpgLD71FfeDK2Zqh0FnfTHXAkHrj4JP3MCMF5nKH

NHHy0cYKTDP+hor68R76XhLVapKMqNuUHUYf7CTB5JNHHy0cYKTNHHy

Ce8nvvUG+yp2Eh8aJ7thaua41xDFXPmIEXTqzXi1++DCWAdWayXmg==

-----END CERTIFICATE REQUEST-----

CAUTION:

Be sure to include the first and last lines (-----BEGIN CERT... and -----END

CERT...), and copy only the text in the certificate. Do not copy any extra white space.

7.

Navigate to the Local Certificate Authority List section.

8.

Select a CA and click Sign Request.

9.

Paste the certificate request into the Certificate Request field. Select Server as the Certificate Purpose,

specify a Certificate Duration and click Sign Request. The newly-activated certificate displays on a

new page.

Secure Key Manager

49

Advertising
Popular Brands
Popular manuals